- Title
Generating ICS vulnerability playbooks with open standards.
- Authors
Empl, Philip; Schlette, Daniel; Stöger, Lukas; Pernul, Günther
- Abstract
Organizations face attacks on industrial control systems (ICS) because vulnerabilities are pervasive. However, patching vulnerable systems by simply updating to the newest version is often not an option, which shifts the focus to workarounds. Beyond pure patching, workarounds specify other remediation measures (e.g., firewall or VPN configuration) that must be taken because of system availability requirements, complexity, or heterogeneous devices. In this paper, we introduce vulnerability playbooks based on open standards. Pushing the envelope of cybersecurity playbooks—steps organizations should follow when responding reactively to cybersecurity incidents—toward ICS vulnerability management offers organizations a more transparent, repeatable process and faster, possibly automated actions. We have designed a process model to collect and transform security advisories in Common Security Advisory Framework (CSAF) format and to generate Collaborative Automated Course of Action Operations (CACAO) playbooks from the remediation advice they list. With a proof of concept, we demonstrate that structured CSAF documents can be seamlessly transformed into CACAO playbooks. For our industrial use case, we must also use unstructured security advice, which highlights quality differences compared to CSAF. The 79 standard-conformant CACAO playbooks we generated, with 485 identified actions, hint at advice that is imbalanced toward patching. Preferably, vendors should include detailed technical remediation advice, provide APIs, and go beyond patching recommendations in their security advisories. Subscribers should structure their assets and use machine learning to normalize, generate, and prioritize CACAO playbooks. With CSAF and CACAO, we see two open standards for handling vulnerabilities.
- Subjects
INDUSTRIAL controls manufacturing; VIRTUAL private networks; SYSTEMS availability; CACAO; APPLICATION program interfaces
- Publication
International Journal of Information Security, 2024, Vol 23, Issue 2, p1215
- ISSN
1615-5262
- Publication type
Article
- DOI
10.1007/s10207-023-00760-5